package org.javaboy.shirobasic.config;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.javaboy.shirobasic.util.EncryptUtil;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.security.auth.login.AccountNotFoundException;
import javax.servlet.http.HttpServletRequest;

/**
 * @Author 江南一点雨
 * @Site www.javaboy.org 2019-06-05 11:10
 */
public class MyRealm extends AuthorizingRealm {
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder
                .getRequestAttributes()).getRequest();
        String requestURI=request.getRequestURI();
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        if (!"admin".equals(username)) {
            throw new UnknownAccountException("账户不存在!");
        }
        String salt="a1b2";
        String initPwd="123";
        String saltedPwd= EncryptUtil.encryptPassword(initPwd,salt);
        return new SimpleAuthenticationInfo(username, saltedPwd, ByteSource.Util.bytes(salt),getName());
    }
}
